llms-txt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and inline live site pages (e.g., Phase 2 "From live site" and Phase 4 "Content sources" which list "Live site pages fetched and converted to markdown") and to ask for a live URL, so the agent will ingest untrusted public web content that can directly shape generated LLM instructions and downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches live site pages at runtime (e.g., the user-provided site URL such as https://example.com) and inlines that fetched content into /llms-full.txt and the "Instructions for LLMs", meaning remote page content can directly control prompts given to the agent.